2012 june symantec intelligence report
DESCRIPTION
Symantec announced the findings of its June 2012 Symantec Intelligence Report, which shows 30 percent of all targeted attacks (58 per day) during the last six months were directed at businesses with 250 or fewer employees. As reported in the recent ISTR, this figure was 18 percent at the end of December 2011.TRANSCRIPT
Symantec Intelligence 1
Symantec Intelligence Report
June 2012
About the Symantec Intelligence Report
The Symantec Intelligence report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks.
The data used to compile the analysis for this combined report includes data from May and June 2012.
Symantec Intelligence 2
October 2011 Highlights• 36% of targeted attacks directed at SMBs• Further analysis of W32.Flamer • In-depth look a recently attempted targeted attack• Spam – 66.8 percent (a decrease of 1.0 percentage point since
May 2012)• Phishing – One in 467.6 emails identified as phishing (an
increase of 0.04 percentage points since May 2012)• Malware – One in 316.5 emails contained malware (an increase
of 0.04 percentage points since May 2012)• Malicious Web sites – 2,106 Web sites blocked per day (a
decrease of 51.7 percent since October 2011)
Symantec Intelligence 3
Targeted Attacks in 2012• Daily targeted attacks increased by a minimum of 24%.• More than 36% of all targeted attacks are aimed at small
companies, compared to 18% at the end of 2011.• Direct correlation between a rise in attacks against small
companies and a drop in attacks against larger ones.• 45% of all targeted attacks are aimed at the Defense industry.• In four of the top five source countries, their own country is
either the first or second-most targeted country.
Symantec Intelligence 4
Spam Rate & Sources5
Additional Spam Metrics
Symantec Intelligence 6
Spam Attack Vectors
11-May 13-May 15-May 17-May 19-May 21-May 23-May 25-May 27-May 29-May 31-May 2-Jun 4-Jun 6-Jun 8-Jun 10-Jun0.0%
4.5%
9.0%
13.5%
18.0%
NDR Malware
Additional Spam Metrics
Symantec Intelligence 7
Average Spam Message Size
Spam URL TLD Distribution
TLD June MayChange
(% points)
.com 74.7% 66.6% +8.1
.ru 4.1% 7.5% -3.4
.net 4.6% 5.8% -1.2
.br 2.9% 3.4% -0.5
Message Size June MayChange
(% points)
0Kb – 5Kb 43.1% 51.1% -8.0
5Kb – 10Kb 33.3% 29.1% +4.2
>10Kb 23.6% 19.8% +3.8
Spam Subject Line Analysis
Symantec Intelligence 8
Rank
June 2012Total Spam: Top Subject Lines
No. of Days
May 2012Total Spam: Top Subject Lines
No. of Days
1 Delivery Status Notification (Failure) 28 Save-8O%-0ff-Viagra©-Cia1is©-Levitra© 28
2 Save-8O%-0ff-Viagra©-Cia1is©-Levitra© 28 (blank subject) 30
3 (blank subject) 28High-End-Designer-Watch-Replicas-Save-THOUSANDS-2012-Models
22
4 My Sexy Pics 28HIGH-QUALITY-ROLEX-REPLICA-WATCHES&DESIGNER BAGS
17
5 0 5ADD THREE INCHES TO YOUR MANHOOD NOW!
19
6 We cant make it ANY EASIER toget LAID tonight 16 Order confirmation 8
7 HIGH-QUALITY-ROLEX-REPLICA-WATCHES&DESIGNER BAGS 23
Hey, You Need To Cum Check out My FucBook Page! :)
14
8 look at my photos 13 Undelivered Mail Returned to Sender 30
9 Buy Viagra/Cialis Online! 3 look at my photos 7
10 ENLARGE YOUR MANHOOD 2-4 INCHES 22 Erika Sent You A Message 7
Additional Spam Metrics
Symantec Intelligence 9
Global Spam Categories
Category Name June 2012 May 2012Adult/Sex/Dating 64.28% 70.16%Pharma 18.76% 19.22%Casino 5.24% 0.88%Jobs 4.72% 3.47%Watches 2.94% 3.45%Software 1.67% 1.78%Degrees 0.47% 0.57%419/Scam/Lotto 0.27% 0.13%Mobile 0.09% 0.14%Newsletters 0.08% 0.03%Weight Loss <0.01% 0.08%
Phishing Rate & Sources
10
Phishing Rate & Sources
11
Tactics of Phishing Distribution
Symantec Intelligence 12
Typosquatting
Free Web Hosting Sites
IP Address Domains
Other Unique Domains
Automated Toolkits
0.8%
4.0%
2.8%
36.9%
55.5%
Organizations Spoofed in Phishing Attacks, by Industry Sector
Symantec Intelligence 13
ISPInsurance
SecurityRetail Trade
GovernmentTelecommunications
CommunicationsRetail
Information ServicesE-Commerce
Banking
0.011%
0.019%
0.048%
0.078%
0.439%
0.919%
1.1%
1.4%
15.0%
34.9%
46.1%
Virus Rate
14
Most Frequently Blocked Email Malware
Symantec Intelligence 15
Malware Name % Malware
W32/Bredolab.gen!eml.k 17.43%
W32/Bredolab.gen!eml.j 9.49%
Link-Exploit/Spam-3a71 3.82%
W32/NewMalware!16a0 3.48%
Exploit/Link-generic-ee68 3.22%
W32/NewMalware-Generic-a2a1-3477 2.34%
HTML/JS-Encrypted.gen 1.69%
Trojan.Bredolab 1.56%
W32/Bredolab.gen!eml-01cd 1.52%
Link-Gen:Variant.Barys.1516.dam 1.43%
New Malware and Spyware Sites Per Day
Symantec Intelligence 16
Policy, Malware & Potentially Unwanted Programs
Symantec Intelligence 17
Most Frequently Blocked Malware at the Endpoint
Symantec Intelligence 18
[1] For further information on these threats, please visit: http://www.symantec.com/business/security_response/landing/threats.jsp
Malware Name % Malware
WS.Trojan.H 29.06%
W32.Sality.AE 6.81%
W32.Ramnit!html 6.01%
W32.Ramnit.B 5.61%
W32.Downadup.B 3.82%
W32.Ramnit.B!inf 3.53%
W32.Virut.CF 2.07%
Trojan.ADH.2 2.00%
W32.Almanahe.B!inf 1.83%
Trojan.ADH 1.43%
Where to next?• Web:
– www.symanteccloud.com/intelligence
– www.symantec.com/spam
• Twitter:– @symanteccloud
Symantec Intelligence 19